diff --git a/pkgs/tools/security/certmgr/default.nix b/pkgs/tools/security/certmgr/default.nix index fa3076e8b593..28cdcfdad084 100644 --- a/pkgs/tools/security/certmgr/default.nix +++ b/pkgs/tools/security/certmgr/default.nix @@ -1,4 +1,4 @@ -{ stdenv, buildGoPackage, fetchFromGitHub }: +{ stdenv, buildGoPackage, fetchFromGitHub, fetchpatch }: buildGoPackage rec { version = "1.6.1"; @@ -13,6 +13,16 @@ buildGoPackage rec { sha256 = "1ky2pw1wxrb2fxfygg50h0mid5l023x6xz9zj5754a023d01qqr2"; }; + # The following patch makes it possible to use a self-signed x509 cert + # for the cfssl apiserver. + # TODO: remove patch when PR is merged. + patches = [ + (fetchpatch { + url = "https://github.com/cloudflare/certmgr/pull/51.patch"; + sha256 = "0jhsw159d2mgybvbbn6pmvj4yqr5cwcal5fjwkcn9m4f4zlb6qrs"; + }) + ]; + meta = with stdenv.lib; { homepage = https://cfssl.org/; description = "Cloudflare's certificate manager";